[Debian-iot-packaging] [openzwave-controlpanel] 06/06: Harden build flags

Dara Adib daradib-guest at moszumanska.debian.org
Fri Dec 23 03:36:45 UTC 2016 

This is an automated email from the git hooks/post-receive script.

daradib-guest pushed a commit to branch debian/master
in repository openzwave-controlpanel.

commit 02cf2ab6ff7206409aa5bc58d9f5fb0e6e1b3b63
Author: Dara Adib <daradib at ocf.berkeley.edu>
Date:   Thu Dec 22 21:37:43 2016 -0500

    Harden build flags
---
 debian/TODO                        |  2 --
 debian/patches/0001-Makefile.patch | 23 +++++++++++++++--------
 debian/rules                       |  2 ++
 3 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/debian/TODO b/debian/TODO
index 3818338..d088d14 100644
--- a/debian/TODO
+++ b/debian/TODO
@@ -1,5 +1,3 @@
- - Change CFLAGS and LDFLAGS in Makefile
-   (lintian hardening-no-bindnow, hardening-no-fortify-functions).
  - Consider patching webserver.cpp to use mkstemp instead of mktemp
    and forward change upstream. This would fix a gcc warning.
  - Add a watch file if upstream starts making releases (GitHub #51).
diff --git a/debian/patches/0001-Makefile.patch b/debian/patches/0001-Makefile.patch
index d0b935b..c086d91 100644
--- a/debian/patches/0001-Makefile.patch
+++ b/debian/patches/0001-Makefile.patch
@@ -3,18 +3,25 @@ Date: Wed, 21 Dec 2016 16:55:01 -0500
 Subject: Makefile
 
 Upstream Makefile is configured to build on Mac OS X.
-Build against packaged Debian libraries instead.
+
+ - Build against packaged Debian libraries instead.
+ - Append CFLAGS to support hardening.
 ---
- Makefile | 29 +++++++++++++----------------
- 1 file changed, 13 insertions(+), 16 deletions(-)
+ Makefile | 33 ++++++++++++++-------------------
+ 1 file changed, 14 insertions(+), 19 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index a2ac64d..387efca 100644
+index a2ac64d..a9bea23 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -21,28 +21,25 @@ DEBUG_LDFLAGS	:= -g
- CFLAGS	:= -c $(DEBUG_CFLAGS)
- LDFLAGS	:= $(DEBUG_LDFLAGS)
+@@ -17,32 +17,27 @@ RELEASE_CFLAGS  := -Wall -Wno-unknown-pragmas -Werror -Wno-format -O3 -DNDEBUG
+ 
+ DEBUG_LDFLAGS	:= -g
+ 
+-# Change for DEBUG or RELEASE
+-CFLAGS	:= -c $(DEBUG_CFLAGS)
+-LDFLAGS	:= $(DEBUG_LDFLAGS)
++CFLAGS += -c -Wall -Wno-unknown-pragmas -Wno-format
  
 -OPENZWAVE := ../open-zwave/
 -LIBMICROHTTPD := -L/usr/local/lib/ -lmicrohttpd
@@ -48,7 +55,7 @@ index a2ac64d..387efca 100644
  
  %.o : %.cpp
  	$(CXX) $(CFLAGS) $(INCLUDES) -o $@ $<
-@@ -59,13 +56,13 @@ ifeq ($(LIBZWAVE),)
+@@ -59,13 +54,13 @@ ifeq ($(LIBZWAVE),)
  	@exit 1
  endif
  
diff --git a/debian/rules b/debian/rules
index 2467950..83afd54 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,5 +1,7 @@
 #!/usr/bin/make -f
 #DH_VERBOSE = 1
 
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
 %:
 	dh $@

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-iot/openzwave-controlpanel.git

More information about the Debian-iot-packaging mailing list